Hi everyone
This is probably not everyone's idea of fun things to do on a network (including mine!), but the boss does want it done.
We run regular sweeps of our file servers to look for inappropriate use/non-business related use. This mostly takes the form of image files of very “suspect” nature.
The problem that we have is
A: The utility that we currently use (PowerDesk Find File) allows you to search for specified file types, but has no built-in viewer. So you are basically forced to search mostly based upon file name – not very efficient
B: Finding the file in the first place and determining its nature sometimes destroys evidence (last date/time accessed, ownership etc) that may need to be used if any action is taken against the file's owner.
Does anyone know of any forensic utility that
– Works over an NT network. That is, focusses on searching for evidence on a network drive rather than a local drive
– Has an inbuilt file viewer
– Leaves all attributes of file intact
I have come across a couple of packages so far (EnCase, Forensic Toolkit), but they mostly concentrate on gathering data off of PC hard drives rather than networks.
Any recommendations would be much appreciated.
Regards
Daryl Sheppard
daryl_s@iprimus.com.au